Xuxueli: >> Xxl-Job >> 2.4.0 Security Vulnerabilities
A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259480.
CVSS Score
3.5
EPSS Score
0.001
Published
2024-04-06
xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-02-08
xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-15
xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-15
xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save.
CVSS Score
8.8
EPSS Score
0.013
Published
2023-11-15
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-10